Summary: The interaction between web2 client-server architectures and web3 systems presents security challenges. Web3 systems often rely on classic centralized components, which can create unique attack surfaces. In this post, ongoing research on the use of web2 components in web3 systems is summarized, including vulnerabilities found in the Dappnode node management framework.…
Tag: CISO
The reality of cybersecurity for companies is that adversaries compromise systems and networks all the time, and even well-managed breach-prevention programs often have to deal with attackers inside their perimeters.
On March 5, the National Security Agency continued its best-practice recommendation to federal agencies, publishing its latest Cybersecurity Information Sheet (CIS) on the Network and Environment pillar of its zero-trust framework.…
Congress voted in favor of banning the popular social media app TikTok on Wednesday, following its passage last week by the House Energy Committee. The bill requires any company controlled by a “foreign adversary” to be divested within 180 days.
Pressure against the app, owned by Chinese parent company ByteDance, has been mounting for years.…
Being a CISO is a balancing act: ensuring organizations are secure without compromising users’ productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the Cato SASE Cloud platform, to balance these factors without compromise.…
Whether it is to support compliance efforts for regulatory mandated logging, to feed daily security operations center (SOC) work, to support threat hunters or bolster incident response capabilities, security telemetry data stands as the lifeblood of a healthy cybersecurity program. But the more security relies on data and analysis to carry out its core missions, the more data it must manage, curate and protect—while keeping data-related costs tightly under control.…
The role of chief information security officer (CISO) has expanded in the past decade thanks to rapid digital transformation. Now CISOs have to be far more business-oriented, wear many more hats, and communicate effectively with board members, employees, and customers alike, or else risk serious security failures.…
Cybersecurity professionals are finding it more attractive to take their talents to the Dark Web and earn money working on the offensive side of cybercrime. This puts enterprises in a tough spot: cut into profit growth to keep cybersecurity skills from flowing to the highest bidder, or figure out how to defend their networks against those who know their weaknesses most intimately.…
Microsoft says the Russian government-backed hacking team that broke into its corporate network and spied on senior executives also stole source code and may still be poking around its internal computer systems.
In what is being described as an “ongoing attack,” the world’s largest software maker says it has evidence the hacking group “is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access.”…
The volume of cyberattacks and online threats continually growing is helping to make getting cyber insurance the norm for many organizations. While insurance has typically been something the organization’s board of directors worked on with the CFO, the technical nature of cyber risk means the CISO is increasingly being asked to be part of the conversation.…
COMMENTARY
Cybersecurity leaders constantly are on the hunt for tools and strategies to navigate the complex landscape of digital threats. But despite consistently being held accountable for safeguarding digital assets, chief information security officers (CISOs) have long grappled with a glaring deficiency in their management arsenal: They lack the oversight of their entire operations that would allow them to grasp the big picture while being able to quickly zoom in on what’s critical.…
The US Department of Health and Human Services (HHS) on Monday revealed the actions taken to assist healthcare providers in continuing to serve patients following the ransomware attack on Change Healthcare.
One of the largest healthcare technology companies in the US and a subsidiary of UnitedHealth Group, Change Healthcare handles billions of healthcare transactions per year.…
COMMENTARY
It seems obvious: CEOs and their chief information security officers (CISOs) should be natural partners. With the persistent rise in cyber threats, most CEOs recognize the importance of having a strong security leader to protect the company’s data, not to mention its reputation.
And yet, according to a PwC report, only 30% of CISOs feel they receive sufficient support from their CEO.…
Today’s attackers are taking advantage of changing business dynamics to target people everywhere they work. Staying current on the latest cybersecurity attack vectors and threats is an essential part of securing the enterprise against breaches and compromised data.…
In the ever-changing and converging threat landscape, organizations must remain vigilant to protect their critical assets and sensitive data from increasingly sophisticated attacks.…
On May 8, 2023, a known cybercriminal group attempted and failed at an extortion scheme against Dragos. No Dragos systems were breached, including anything related to the Dragos Platform.
Dragos has a culture of transparency and a commitment to providing educational material to the community. This is why it’s important to us to share what happened during a recent failed extortion scheme against Dragos in which a cybercriminal group attempted to compromise our information resources.…
ESET researchers have discovered a new Lazarus Operation DreamJob campaign targeting Linux users. Operation DreamJob is the name for a series of campaigns where the group uses social engineering techniques to compromise its targets, with fake job offers as the lure. In this case, we were able to reconstruct the full chain, from the ZIP file that delivers a fake HSBC job offer as a decoy, up until the final payload: the SimplexTea Linux backdoor distributed through an OpenDrive cloud storage account.…
Find out how the Managed XDR team uncovered RedLine Stealer’s evasive spear-phishing campaign that targets the hospitality industry.
Recently, we noticed a spike in the number of emails received by one of our customers. After further investigation, we found that three other customers in the hospitality industry were also affected.…
Over the past few weeks, the Huntress team has been tracking the recent conversations surrounding supposed ConnectWise Control vulnerabilities and alleged in-the-wild exploitation.
We have been in contact with both the ConnectWise CISO and security team, as well as the security researcher reporting on this. While there has since been some chatter and news articles, we would like to use this article to share our own perspective.…